Here's the problem: My internet service is 7Mbps/0.5Mbps (yes this is a problem, but not the one I'm talking about) from Time Warner. I have run several speed tests (speedtest.net) over the past few months and consistently get 16Mbps/0.43Mbps at any time during the day. Download speeds are not a problem as I usually get over the service speed. The problem is with inconsistent browsing speed. At times pages will open within 1-2 seconds. Other times it will take 20-30 seconds and often time out. The problem will remain for 5-10 min and then seem to be working normally again for a short period. One quirk I noticed is that when I first turn on a computer, I can open a dozen tabs super fast, but then after the computer has been running for a few minutes the problem kicks in.

The house is wired in every room with Cat5e. Everything runs to a 48 port patch board in the basement. From there any connection that is being used is patched to a new 24 port Gbit D-Link switch. The switch is connected to a wired (only) D-Link router. The router is connected to a brand new cable modem from Time Warner. A Linksys wireless access point is connected on the main floor.

I talked with Time Warner (all the way up to senior tech support dude) and they ran several tests and couldn't find anything unusual with the connection. Trying to keep me happy they gave me the new cable modem. The problem is consistent across all computers and all browsers. It was suggested to try using GoogleDNS or OpenDNS but the problem remains for both. It's not a firewall issue, I don't run any torrents or anything downloading in the background, and all the computers have up to date antivirus.

Am I missing something obvious here? I am out of ideas. Any suggestions?

When the problem hits, I suggest first looking at the modem lights and see if they are going nuts or not. If they are going nuts then it is some activity using up your bandwidth, possibly a virus. If the lights are just doing the occasional flash as retries are sent then bust out wireshark and see what is going on - whether it is DNS timing out or everything getting hit.

Well, the modem lights are about the same during the slowdown. If anything they are slower. Usually the "PC" light flashes constantly and the Send and Receive lights are about once or twice a second. The router lights on the other hand are going crazy (maybe 5/sec).

I installed wireshark (never used it before) and wasn't really sure what to look for.

Just a thought, what is the maximum number (if any) of devices the router can handle? Could it be the router is trying to log all the connections and just simply be overloaded? D-Link EBR-2310

It's very likely that the router is the problem, especially with that many devices. According to SNB, only 32 simultaneous connections. I've run into similar issues with other routers and the symptoms are the same.

I've actually got a theory on this; I've had similar issues on my home network, and here's what I think is going on.

I suspect (but have not proven conclusively) that some routers get confused by the DNS Source Port Randomization feature which all major OSes rolled out since 2008, to defend against DNS Cache Poisoning attacks. The most visible symptom is very slow/erratic web browsing; it looks to me like DNS responses are randomly getting lost or delayed.

My evidence for this is somewhat circumstantial, but it is enough to convince me:

1) Only systems running newer OSes which have been kept current on their patches seem to be affected. Among the motley collection of PCs running here at my house I've got an older Win2K box, and an old Fedora Core 5 box, neither of which have been patched to implement DNS Source Port Randomization. These older systems are the only two which did *not* seem to be affected at all by this issue.

2) Linux systems seem to be more severely affected than Windows systems. (This is consistent with DNS issues, since Linux doesn't normally cache DNS responses locally, whereas Windows normally does. So Linux is making more DNS requests which need to go through the potentially problematic router.)

3) Setting up a local DNS proxy server, and pointing at that for DNS instead of directly at my ISP's DNS servers seems to help somewhat for the Linux systems, reducing the problem to about the level seen on the Windows boxes. (First access to a given site still stalls or times out sometimes, but after that it is smooth for a while... presumably until the entry expires out of the proxy's cache.)

4) Changing the network settings to go through a homebrewed Linux-based router instead of my Netgear WGR614 seems to completely fix the issue. (I've got multiple IPs from my ISP, so it is easy to flip back and forth between the two routers for direct comparison.)

My suggestion to you would be to see if there's a firmware upgrade available for your router. If there isn't one, or it doesn't seem to help, try a different router (or roll your own like I did).

Edit: Looks like you're already planning to try a new router. Good luck, and please let us know if it fixes the problem!

The years just pass like trains. I wave, but they don't slow down. -- Steven Wilson

just brew it! wrote: I've actually got a theory on this; I've had similar issues on my home network, and here's what I think is going on.

I suspect (but have not proven conclusively) that some routers get confused by the DNS Source Port Randomization feature which all major OSes rolled out since 2008, to defend against DNS Cache Poisoning attacks. The most visible symptom is very slow/erratic web browsing; it looks to me like DNS responses are randomly getting lost or delayed.

My evidence for this is somewhat circumstantial, but it is enough to convince me:

1) Only systems running newer OSes which have been kept current on their patches seem to be affected. Among the motley collection of PCs running here at my house I've got an older Win2K box, and an old Fedora Core 5 box, neither of which have been patched to implement DNS Source Port Randomization. These older systems are the only two which did *not* seem to be affected at all by this issue.

2) Linux systems seem to be more severely affected than Windows systems. (This is consistent with DNS issues, since Linux doesn't normally cache DNS responses locally, whereas Windows normally does. So Linux is making more DNS requests which need to go through the potentially problematic router.)

3) Setting up a local DNS proxy server, and pointing at that for DNS instead of directly at my ISP's DNS servers seems to help somewhat for the Linux systems, reducing the problem to about the level seen on the Windows boxes. (First access to a given site still stalls or times out sometimes, but after that it is smooth for a while... presumably until the entry expires out of the proxy's cache.)

4) Changing the network settings to go through a homebrewed Linux-based router instead of my Netgear WGR614 seems to completely fix the issue. (I've got multiple IPs from my ISP, so it is easy to flip back and forth between the two routers for direct comparison.)

My suggestion to you would be to see if there's a firmware upgrade available for your router. If there isn't one, or it doesn't seem to help, try a different router (or roll your own like I did).

Edit: Looks like you're already planning to try a new router. Good luck, and please let us know if it fixes the problem!

FWIW, I do know that the WGR614 can't handle very many connections (from experience and further testing) and will exhibit the same problems you and the OP see.

tdsevern wrote: I installed wireshark (never used it before) and wasn't really sure what to look for.

When you get the problem, start wireshark doing a capture and then stop it after about 5 seconds. Look through the capture file for things labelled as retransmissions and see what they are and what is going on between them - e.g. responses that it doesn't see so it resends.

From the description of the router lights going faster and the modem lights going slower, it could well be the router as suggested by the others.

arsenhazzard wrote: FWIW, I do know that the WGR614 can't handle very many connections (from experience and further testing) and will exhibit the same problems you and the OP see.

Well, that would be #5 on my list of evidence then!

The follow-on to that thought would be that maybe port randomized DNS is severely affected because each time it switches to another port, it counts as another "connection" as far as the stupid router is concerned!

Edit: Something I've been planning for a while is to reconfigure the entire network so that it goes out through the Linux box instead, and use the Netgear only as a WiFi access point. I just need to get a DHCP server set up on the Linux box...

The years just pass like trains. I wave, but they don't slow down. -- Steven Wilson
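The theory in the post above (every randomized DNS source port costs the router one more "connection") can be modelled as an added example; this is not code from any poster or from a router vendor. It assumes a NAT table of 32 entries (the figure quoted earlier in the thread), a 60-second idle timeout for UDP mappings, five lookups per second, and a router that drops new flows when the table is full; the addresses and the fixed port 53000 are constructed values.

```python
import random

def simulate(randomize_ports, table_size=32, idle_timeout_ms=60_000,
             interval_ms=200, duration_ms=120_000, seed=1):
    """Model one DNS client behind a NAT router with a small mapping table.

    Returns (forwarded, dropped, peak_entries). All parameters are
    assumptions for illustration, not measured router behaviour.
    """
    n = duration_ms // interval_ms
    rng = random.Random(seed)
    # Unique ephemeral ports keep the run deterministic (constructed input).
    if randomize_ports:
        ports = rng.sample(range(1024, 65536), n)   # new source port per query
    else:
        ports = [53000] * n                         # pre-2008 style fixed port
    table = {}                                      # flow 5-tuple -> last seen (ms)
    forwarded = dropped = peak = 0
    for i, sport in enumerate(ports):
        now = i * interval_ms
        # UDP has no close handshake, so mappings only leave by idle timeout.
        for key in [k for k, seen in table.items()
                    if now - seen >= idle_timeout_ms]:
            del table[key]
        key = ("192.168.0.10", sport, "203.0.113.53", 53, "udp")
        if key in table or len(table) < table_size:
            table[key] = now                        # create or refresh mapping
            forwarded += 1
        else:
            dropped += 1                            # table full: query is lost
        peak = max(peak, len(table))
    return forwarded, dropped, peak

if __name__ == "__main__":
    for label, flag in (("fixed source port", False), ("randomized port", True)):
        fwd, drop, peak = simulate(flag)
        print(f"{label:18s} forwarded={fwd:3d} dropped={drop:3d} peak={peak}")
```

Under these assumptions the randomized client gets about six seconds of working lookups followed by roughly 54 seconds of drops, repeating as old mappings expire. Source port randomization is the cache-poisoning defence, so the remedies that keep it are the ones named in the thread: a local caching DNS proxy or a router with a larger table.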

just brew it! wrote: Something I've been planning for a while is to reconfigure the entire network so that it goes out through the Linux box instead, and use the Netgear only as a WiFi access point. I just need to get a DHCP server set up on the Linux box...

That's what I run. I'm on Debian on the server so "apt-get install dhcp3-server" then edit the dhcpd.conf

    # The ddns-updates-style parameter controls whether or not the server will
    # attempt to do a DNS update when a lease is confirmed. We default to the
    # behavior of the version 2 packages ('none', since DHCP v2 didn't
    # have support for DDNS.)
    ddns-update-style none;

Well, I installed a D-Link Xtreme N Gigabit router (D-Link DIR-655) to replace my D-Link EBR-2310. Installed this morning and haven't had the issue all day. Hopefully it is fixed. I'll try to post again in a week or so with an update.

Well, it's been a week. After replacing my old router, I haven't had the problem since. Still getting 16Mbps/0.47Mbps which is great since I'm paying for 8/0.5. The problem must have been with maxing out the number of connections. Thanks for the help guys.